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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address -• 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.O. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely Hied, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 26 April 2006 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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2) □ Notice of Drafts person's Patent Drawing Review (PTO-948) Pa P er No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1 449 or PTO/SB/08) 5 ) Q Notice of Informal Patent Application (PTO-1 52) 
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DETAILED ACTION 

1 . Claims 1-30 are pending in this office action. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous .Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on April 
26, 2006, has been entered. 

3. Applicant's arguments are moot in view of the new ground of rejection. 

Rejections 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



Claim Rejections - 35 USC § 103 

5. Claims 1-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gross (U.S. Patent No. 7,032,020) in view of Duffield et al. (U.S. Patent No. 6,873,600). 
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Regarding claims 1 and 16 , Gross discloses a method/apparatus for tracing a 
sequence of packets to a potential source thereof within a communications network, the 
sequence of packets being received at a target host in said communications network at 
a received packet rate, the method comprising the steps of: 

• Identifying a plurality of network elements comprised in said 
communications network (fig. 3, ref. num SN1-SN8 and A-K); 

• Applying a burst load to a selected one of said identified network elements in 
said communications network (col. 5, lines 44-51 ); 

• Measuring a change in said received packet rate in response to said application 
of said burst load to said selected network element (col. 7, lines 48-51); and 

• Repeating steps 2-4 on other selected network elements a plural number of 
times to generate a path leading from said target host to said potential 
source based on the selected network elements which have been included 
in said potential path (col. 7, lines 31-51) 

Gross does not teach including said selected network element in a potential 
path if said change in said received packet rate fails to meet a predetermined 
criterion. 

Duffield et al. teaches including said selected network element in a potential 
path if said change in said received packet rate fails to meet a predetermined 
criterion (fig. 1 ). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine including said selected network element in a 
potential path if said change in said received packet rate fails to meet a 
predetermined criterion, as taught by Duffield et al. t with the method/apparatus of 
Gross . It would have been obvious for such modifications because measuring a 
potential path for a DoS attack allows direct inference of traffic flows traversing a certain 
subset of the network (see abstract of Duffield et al.). 

Regarding claims 2 and 17 , Gross as modified by Duffield et al. discloses 
wherein said communications network comprises the Internet (see col. 3, lines 22-25 of 
Gross). 

Regarding claims 3 and 18 , Gross as modified by Duffield et al. discloses 
wherein each of said selected network elements comprises a network link (see fig. 3, 
ref. num 90 of Gross). 

Regarding claims 4 and 19, Gross as modified by Duffield et al. discloses 
wherein said step of applying a burst load to said network link comprises transmitting 
packets to a sub network of said communications network to initiate a responsive flow of - 
packets through said network link (see col. 6, lines 20-29 of Gross). 
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Regarding claim 5 and 20 . Gross as modified by Duffield et al. discloses wherein 
said transmitted packets are spoofed from an end of said network link closest to said 
target host (see col. 21 , lines 49-53 of Duffield et al.). 

Regarding claims 6 and 21 , Gross as modified by Duffield et al. discloses 
wherein said transmitted packets comprise UDP chargen requests (see col. 5, lines 21- 
23 of Gross). 

Regarding claims 7 and 22 , Gross as modified by Duffield et al. discloses 
wherein each of said selected network elements comprises a network router (see col. 3, 
lines 28-30 of Gross). 

Regarding claims 8 and 23 , Gross as modified by Duffield et al. discloses further 
comprising the step of generating a map comprising routes from said target host to a 
plurality of sub networks of said communications network (see fig. 3 of Duffield et al.). 

Regarding claims 9 and 24 . Gross as modified by Duffield et al. discloses further 
comprising the step of eliminating said selected network element from consideration as 
said potential source of said sequence of packets when said change in said received 
packet rate meets the predetermined criterion (see col. 17, lines 43-52 of Duffield et 
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Regarding claims 10 and 25 , Gross as modified by Duffield et al. discloses 
wherein said predetermined criterion comprises a determination of whether said change 
in said received packet rate is less than a predetermined threshold (see col. 22, lines 
38-45 of Duffield etaL). 

Regarding claims 1 1 and 26 , Gross as modified by Duffield et al. discloses 
wherein said step of eliminating said selected network element from consideration also 
eliminates from consideration one or more sub networks of said communications 
network which are connected to said selected network element (see col. 17, lines 43-52 
of Duffield etaL). 

Regarding claims 12 and 27 , Gross as modified by Duffield et al. discloses 
wherein said sequence of packets comprises a Denial-of-Service attack on said target 
host (see col. 21, lines 49-61 of Duffield et al.). 

Regarding claims 13 and 28 , Gross as modified by Duffield et al. discloses 
wherein said steps of applying said burst load, measuring said changes in said received 
packet rate, and determining said potential source of said sequence of packets, are 
executed under the control of an automated algorithm (see col. 8, lines 23-25 of Gross, 
a program). 
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Regarding claims 14 and 29 , Gross as modified by Duffield et al. discloses 
wherein said steps of applying said burst load and determining said potential source of 
said sequence of packets, are executed under the at least partial control of a human 
operator (see col. 8, lines 23-25 of Gross, a user). 

Regarding claims 15 and 30 , Gross as modified by Duffield et al. discloses 
further comprising the step of displaying information, said information including data 
representative of said measured changes in said received packet rate, to said human 
operator, for use by said human operator in exercising said at least partial control (see 
col. 8, lines 23-25 of Gross, a user). 

■ Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571 -272-1000. 




